ReactOS  0.4.12-dev-18-gf469aca
eventlog.h File Reference
#include <stdarg.h>
#include <windef.h>
#include <winbase.h>
#include <ndk/rtlfuncs.h>
#include <ndk/obfuncs.h>
#include <evtlib.h>
#include <eventlogrpc_s.h>
#include <strsafe.h>
Include dependency graph for eventlog.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  _LOGFILE
 
struct  _EVENTSOURCE
 
struct  _LOGHANDLE
 

Macros

#define WIN32_NO_STATUS
 
#define NTOS_MODE_USER
 
#define ROUND_DOWN(n, align)   (((ULONG)n) & ~((align) - 1l))
 
#define ROUND_UP(n, align)   ROUND_DOWN(((ULONG)n) + (align) - 1, (align))
 
#define LOG_HANDLE_BACKUP_FILE   1
 

Typedefs

typedef struct _LOGFILE LOGFILE
 
typedef struct _LOGFILEPLOGFILE
 
typedef struct _EVENTSOURCE EVENTSOURCE
 
typedef struct _EVENTSOURCEPEVENTSOURCE
 
typedef struct _LOGHANDLE LOGHANDLE
 
typedef struct _LOGHANDLEPLOGHANDLE
 

Functions

VOID PRINT_RECORD (PEVENTLOGRECORD pRec)
 
VOID InitEventSourceList (VOID)
 
BOOL LoadEventSources (HKEY hKey, PLOGFILE pLogFile)
 
PEVENTSOURCE GetEventSourceByName (LPCWSTR Name)
 
VOID LogfListInitialize (VOID)
 
DWORD LogfListItemCount (VOID)
 
PLOGFILE LogfListItemByIndex (DWORD Index)
 
PLOGFILE LogfListItemByName (LPCWSTR Name)
 
NTSTATUS LogfCreate (PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
 
VOID LogfClose (PLOGFILE LogFile, BOOLEAN ForceClose)
 
VOID LogfCloseAll (VOID)
 
NTSTATUS LogfClearFile (PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
 
NTSTATUS LogfBackupFile (PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
 
NTSTATUS LogfReadEvents (PLOGFILE LogFile, ULONG Flags, PULONG RecordNumber, ULONG BufSize, PBYTE Buffer, PULONG BytesRead, PULONG BytesNeeded, BOOLEAN Ansi)
 
NTSTATUS LogfWriteRecord (PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
 
PEVENTLOGRECORD LogfAllocAndBuildNewRecord (PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
 
static __inline void LogfFreeRecord (PEVENTLOGRECORD Record)
 
VOID LogfReportEvent (USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
 
NTSTATUS WINAPI PortThreadRoutine (PVOID Param)
 
NTSTATUS InitLogPort (VOID)
 
NTSTATUS ProcessPortMessage (VOID)
 
DWORD WINAPI RpcThreadRoutine (LPVOID lpParameter)
 

Variables

PEVENTSOURCE EventLogSource
 

Macro Definition Documentation

◆ LOG_HANDLE_BACKUP_FILE

#define LOG_HANDLE_BACKUP_FILE   1

Definition at line 53 of file eventlog.h.

Referenced by ElfCreateBackupLogHandle(), and ElfrClearELFW().

◆ NTOS_MODE_USER

#define NTOS_MODE_USER

Definition at line 19 of file eventlog.h.

◆ ROUND_DOWN

#define ROUND_DOWN (   n,
  align 
)    (((ULONG)n) & ~((align) - 1l))

Definition at line 23 of file eventlog.h.

◆ ROUND_UP

#define ROUND_UP (   n,
  align 
)    ROUND_DOWN(((ULONG)n) + (align) - 1, (align))

Definition at line 24 of file eventlog.h.

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 15 of file eventlog.h.

Typedef Documentation

◆ EVENTSOURCE

◆ LOGFILE

◆ LOGHANDLE

◆ PEVENTSOURCE

◆ PLOGFILE

◆ PLOGHANDLE

Function Documentation

◆ GetEventSourceByName()

PEVENTSOURCE GetEventSourceByName ( LPCWSTR  Name)

Definition at line 202 of file eventsource.c.

Referenced by ElfCreateEventLogHandle(), and wmain().

203 {
204  PLIST_ENTRY CurrentEntry;
205  PEVENTSOURCE Item, Result = NULL;
206 
207  DPRINT("GetEventSourceByName(%S)\n", Name);
209 
210  CurrentEntry = EventSourceListHead.Flink;
211  while (CurrentEntry != &EventSourceListHead)
212  {
213  Item = CONTAINING_RECORD(CurrentEntry,
214  EVENTSOURCE,
215  EventSourceListEntry);
216 
217  DPRINT("Item->szName: %S\n", Item->szName);
218 // if ((*(Item->szName) != 0) && !_wcsicmp(Item->szName, Name))
219  if (_wcsicmp(Item->szName, Name) == 0)
220  {
221  DPRINT("Found it\n");
222  Result = Item;
223  break;
224  }
225 
226  CurrentEntry = CurrentEntry->Flink;
227  }
228 
230 
231  DPRINT("Done (Result: %p)\n", Result);
232 
233  return Result;
234 }
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
WCHAR szName[1]
Definition: eventlog.h:48
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
void DPRINT(...)
Definition: polytest.cpp:61
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
static CRITICAL_SECTION EventSourceListCs
Definition: eventsource.c:17
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
Definition: typedefs.h:117
static LIST_ENTRY EventSourceListHead
Definition: eventsource.c:16
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)

◆ InitEventSourceList()

VOID InitEventSourceList ( VOID  )

Definition at line 22 of file eventsource.c.

Referenced by wmain().

23 {
26 }
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
Definition: synch.c:697
static CRITICAL_SECTION EventSourceListCs
Definition: eventsource.c:17
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
static LIST_ENTRY EventSourceListHead
Definition: eventsource.c:16

◆ InitLogPort()

NTSTATUS InitLogPort ( VOID  )

Definition at line 47 of file logport.c.

Referenced by LogfFreeRecord(), and PortThreadRoutine().

48 {
53 
56 
57  InitializeObjectAttributes(&ObjectAttributes, &PortName, 0, NULL, NULL);
58 
60  &ObjectAttributes,
61  0,
62  PORT_MAXIMUM_MESSAGE_LENGTH, // IO_ERROR_LOG_MESSAGE_LENGTH,
63  2 * PAGE_SIZE);
64  if (!NT_SUCCESS(Status))
65  {
66  DPRINT1("NtCreatePort() failed (Status %lx)\n", Status);
67  goto ByeBye;
68  }
69 
70  Status = NtListenPort(ConnectPortHandle, &Request);
71  if (!NT_SUCCESS(Status))
72  {
73  DPRINT1("NtListenPort() failed (Status %lx)\n", Status);
74  goto ByeBye;
75  }
76 
78  &Request, TRUE, NULL, NULL);
79  if (!NT_SUCCESS(Status))
80  {
81  DPRINT1("NtAcceptConnectPort() failed (Status %lx)\n", Status);
82  goto ByeBye;
83  }
84 
86  if (!NT_SUCCESS(Status))
87  {
88  DPRINT1("NtCompleteConnectPort() failed (Status %lx)\n", Status);
89  goto ByeBye;
90  }
91 
92 ByeBye:
93  if (!NT_SUCCESS(Status))
94  {
95  if (ConnectPortHandle != NULL)
97 
98  if (MessagePortHandle != NULL)
100  }
101  return Status;
102 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
static HANDLE ConnectPortHandle
Definition: logport.c:21
LONG NTSTATUS
Definition: precomp.h:26
_In_ NDIS_HANDLE _In_ PNDIS_REQUEST Request
Definition: ndis.h:5155
smooth NULL
Definition: ftsmooth.c:416
#define ELF_PORT_NAME
Definition: iolog.h:15
NTSTATUS NTAPI NtAcceptConnectPort(OUT PHANDLE PortHandle, IN PVOID PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage, IN BOOLEAN AcceptConnection, IN OUT PPORT_VIEW ServerView OPTIONAL, OUT PREMOTE_PORT_VIEW ClientView OPTIONAL)
Definition: complete.c:40
NTSTATUS NTAPI NtCreatePort(OUT PHANDLE PortHandle, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG MaxConnectInfoLength, IN ULONG MaxDataLength, IN ULONG MaxPoolUsage)
Definition: create.c:212
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3393
#define PAGE_SIZE
Definition: env_spec_w32.h:49
Status
Definition: gdiplustypes.h:24
static HANDLE MessagePortHandle
Definition: logport.c:22
#define PORT_MAXIMUM_MESSAGE_LENGTH
Definition: iotypes.h:1985
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI NtCompleteConnectPort(IN HANDLE PortHandle)
Definition: complete.c:421
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
NTSTATUS NTAPI NtListenPort(IN HANDLE PortHandle, OUT PPORT_MESSAGE ConnectMessage)
Definition: listen.c:22
IN PUNICODE_STRING PortName
Definition: conport.c:35
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14

◆ LoadEventSources()

BOOL LoadEventSources ( HKEY  hKey,
PLOGFILE  pLogFile 
)

Definition at line 82 of file eventsource.c.

Referenced by LoadLogFiles().

84 {
85  BOOL Success;
86  DWORD dwNumSubKeys, dwMaxSubKeyLength;
87  DWORD dwEventSourceNameLength, MaxValueLen;
88  DWORD dwIndex;
89  PWSTR Buf = NULL, SourceList = NULL, Source = NULL;
90  size_t cchRemaining = 0;
91  LONG Result;
92 
93  DPRINT("LoadEventSources\n");
94 
95  Result = RegQueryInfoKeyW(hKey, NULL, NULL, NULL, &dwNumSubKeys, &dwMaxSubKeyLength,
96  NULL, NULL, NULL, NULL, NULL, NULL);
97  if (Result != ERROR_SUCCESS)
98  {
99  DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
100  return FALSE;
101  }
102 
103  dwMaxSubKeyLength++;
104 
105  Buf = HeapAlloc(GetProcessHeap(), 0, dwMaxSubKeyLength * sizeof(WCHAR));
106  if (!Buf)
107  {
108  DPRINT1("Error: cannot allocate heap!\n");
109  return FALSE;
110  }
111 
112  /*
113  * Allocate a buffer for storing the names of the sources as a REG_MULTI_SZ
114  * in the registry. Also add the event log as its own source.
115  * Add a final NULL-terminator.
116  */
117  MaxValueLen = dwNumSubKeys * dwMaxSubKeyLength + wcslen(pLogFile->LogName) + 2;
118  SourceList = HeapAlloc(GetProcessHeap(), 0, MaxValueLen * sizeof(WCHAR));
119  if (!SourceList)
120  {
121  DPRINT1("Error: cannot allocate heap!\n");
122  /* It is not dramatic if we cannot create it */
123  }
124  else
125  {
126  cchRemaining = MaxValueLen;
127  Source = SourceList;
128  }
129 
130  /*
131  * Enumerate all the subkeys of the event log key, that constitute
132  * all the possible event sources for this event log. At this point,
133  * skip the possible existing source having the same name as the
134  * event log, it will be added later on.
135  */
136  dwEventSourceNameLength = dwMaxSubKeyLength;
137  dwIndex = 0;
138  while (RegEnumKeyExW(hKey,
139  dwIndex,
140  Buf,
141  &dwEventSourceNameLength,
143  {
144  if (_wcsicmp(pLogFile->LogName, Buf) != 0)
145  {
146  DPRINT("Event Source: %S\n", Buf);
147  Success = AddNewEventSource(pLogFile, Buf);
148  if (Success && (Source != NULL))
149  {
150  /* Append the event source name and an extra NULL-terminator */
151  StringCchCopyExW(Source, cchRemaining, Buf, &Source, &cchRemaining, 0);
152  if (cchRemaining > 0)
153  {
154  *++Source = L'\0';
155  cchRemaining--;
156  }
157  }
158  }
159 
160  dwEventSourceNameLength = dwMaxSubKeyLength;
161  dwIndex++;
162  }
163 
164  /* Finally, allow the event log itself to be its own source */
165  DPRINT("Event Source: %S\n", pLogFile->LogName);
166  Success = AddNewEventSource(pLogFile, pLogFile->LogName);
167  if (Success && (Source != NULL))
168  {
169  /* Append the event source name and an extra NULL-terminator */
170  StringCchCopyExW(Source, cchRemaining, pLogFile->LogName, &Source, &cchRemaining, 0);
171  if (cchRemaining > 0)
172  {
173  *++Source = L'\0';
174  cchRemaining--;
175  }
176  }
177 
178  /* Save the list of sources in the registry */
179  Result = RegSetValueExW(hKey,
180  L"Sources",
181  0,
182  REG_MULTI_SZ,
183  (LPBYTE)SourceList,
184  (MaxValueLen - cchRemaining + 1) * sizeof(WCHAR));
185  if (Result != ERROR_SUCCESS)
186  {
187  DPRINT1("RegSetValueExW failed: %lu\n", Result);
188  }
189 
190  if (SourceList)
191  HeapFree(GetProcessHeap(), 0, SourceList);
192 
193  HeapFree(GetProcessHeap(), 0, Buf);
194 
196 
197  return TRUE;
198 }
#define TRUE
Definition: types.h:120
#define ERROR_SUCCESS
Definition: deptool.c:10
static VOID DumpEventSourceList(VOID)
Definition: eventsource.c:30
_In_ IN_ADDR _In_ IN_ADDR _Out_ MULTICAST_MODE_TYPE _Inout_ ULONG _Out_writes_ SourceCount IN_ADDR * SourceList
Definition: ws2tcpip.h:622
__wchar_t WCHAR
Definition: xmlstorage.h:180
uint16_t * PWSTR
Definition: typedefs.h:54
unsigned char * LPBYTE
Definition: typedefs.h:52
long LONG
Definition: pedump.c:60
#define REG_MULTI_SZ
Definition: nt_native.h:1501
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
void DPRINT(...)
Definition: polytest.cpp:61
static BOOL AddNewEventSource(PLOGFILE pLogFile, PWSTR lpSourceName)
Definition: eventsource.c:57
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4917
unsigned int BOOL
Definition: ntddk_ex.h:94
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
unsigned long DWORD
Definition: ntddk_ex.h:95
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3704
static const WCHAR L[]
Definition: oid.c:1087
WCHAR * LogName
Definition: eventlog.h:38
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
#define DPRINT1
Definition: precomp.h:8
_In_ UINT _In_ UINT _In_ PNDIS_PACKET Source
Definition: ndis.h:3149
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2541
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)

◆ LogfAllocAndBuildNewRecord()

PEVENTLOGRECORD LogfAllocAndBuildNewRecord ( PSIZE_T  pRecSize,
ULONG  Time,
USHORT  wType,
USHORT  wCategory,
ULONG  dwEventId,
PUNICODE_STRING  SourceName,
PUNICODE_STRING  ComputerName,
ULONG  dwSidLength,
PSID  pUserSid,
USHORT  wNumStrings,
PWSTR  pStrings,
ULONG  dwDataSize,
PVOID  pRawData 
)

Definition at line 896 of file file.c.

Referenced by ElfrIntReportEventW(), LogfReportEvent(), and ProcessPortMessage().

909 {
910  SIZE_T RecSize;
911  SIZE_T SourceNameSize, ComputerNameSize, StringLen;
912  PBYTE Buffer;
913  PEVENTLOGRECORD pRec;
914  PWSTR str;
915  UINT i, pos;
916 
917  SourceNameSize = (SourceName && SourceName->Buffer) ? SourceName->Length : 0;
918  ComputerNameSize = (ComputerName && ComputerName->Buffer) ? ComputerName->Length : 0;
919 
920  RecSize = sizeof(EVENTLOGRECORD) + /* Add the sizes of the strings, NULL-terminated */
921  SourceNameSize + ComputerNameSize + 2*sizeof(UNICODE_NULL);
922 
923  /* Align on DWORD boundary for the SID */
924  RecSize = ROUND_UP(RecSize, sizeof(ULONG));
925 
926  RecSize += dwSidLength;
927 
928  /* Add the sizes for the strings array */
929  ASSERT((pStrings == NULL && wNumStrings == 0) ||
930  (pStrings != NULL && wNumStrings >= 0));
931  for (i = 0, str = pStrings; i < wNumStrings; i++)
932  {
933  StringLen = wcslen(str) + 1; // str must be != NULL
934  RecSize += StringLen * sizeof(WCHAR);
935  str += StringLen;
936  }
937 
938  /* Add the data size */
939  RecSize += dwDataSize;
940 
941  /* Align on DWORD boundary for the full structure */
942  RecSize = ROUND_UP(RecSize, sizeof(ULONG));
943 
944  /* Size of the trailing 'Length' member */
945  RecSize += sizeof(ULONG);
946 
947  Buffer = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, RecSize);
948  if (!Buffer)
949  {
950  DPRINT1("Cannot allocate heap!\n");
951  return NULL;
952  }
953 
954  pRec = (PEVENTLOGRECORD)Buffer;
955  pRec->Length = RecSize;
956  pRec->Reserved = LOGFILE_SIGNATURE;
957 
958  /*
959  * Do not assign here any precomputed record number to the event record.
960  * The true record number will be assigned atomically and sequentially in
961  * LogfWriteRecord, so that all the event records will have consistent and
962  * unique record numbers.
963  */
964  pRec->RecordNumber = 0;
965 
966  /*
967  * Set the generated time, and temporarily set the written time
968  * with the generated time.
969  */
970  pRec->TimeGenerated = Time;
971  pRec->TimeWritten = Time;
972 
973  pRec->EventID = dwEventId;
974  pRec->EventType = wType;
975  pRec->EventCategory = wCategory;
976 
977  pos = sizeof(EVENTLOGRECORD);
978 
979  /* NOTE: Equivalents of RtlStringCbCopyUnicodeString calls */
980  if (SourceNameSize)
981  {
982  StringCbCopyNW((PWSTR)(Buffer + pos), SourceNameSize + sizeof(UNICODE_NULL),
983  SourceName->Buffer, SourceNameSize);
984  }
985  pos += SourceNameSize + sizeof(UNICODE_NULL);
986  if (ComputerNameSize)
987  {
988  StringCbCopyNW((PWSTR)(Buffer + pos), ComputerNameSize + sizeof(UNICODE_NULL),
989  ComputerName->Buffer, ComputerNameSize);
990  }
991  pos += ComputerNameSize + sizeof(UNICODE_NULL);
992 
993  /* Align on DWORD boundary for the SID */
994  pos = ROUND_UP(pos, sizeof(ULONG));
995 
996  pRec->UserSidLength = 0;
997  pRec->UserSidOffset = 0;
998  if (dwSidLength)
999  {
1000  RtlCopyMemory(Buffer + pos, pUserSid, dwSidLength);
1001  pRec->UserSidLength = dwSidLength;
1002  pRec->UserSidOffset = pos;
1003  pos += dwSidLength;
1004  }
1005 
1006  pRec->StringOffset = pos;
1007  for (i = 0, str = pStrings; i < wNumStrings; i++)
1008  {
1009  StringLen = wcslen(str) + 1; // str must be != NULL
1010  StringCchCopyW((PWSTR)(Buffer + pos), StringLen, str);
1011  str += StringLen;
1012  pos += StringLen * sizeof(WCHAR);
1013  }
1014  pRec->NumStrings = wNumStrings;
1015 
1016  pRec->DataLength = 0;
1017  pRec->DataOffset = 0;
1018  if (dwDataSize)
1019  {
1020  RtlCopyMemory(Buffer + pos, pRawData, dwDataSize);
1021  pRec->DataLength = dwDataSize;
1022  pRec->DataOffset = pos;
1023  pos += dwDataSize;
1024  }
1025 
1026  /* Align on DWORD boundary for the full structure */
1027  pos = ROUND_UP(pos, sizeof(ULONG));
1028 
1029  /* Initialize the trailing 'Length' member */
1030  *((PDWORD)(Buffer + pos)) = RecSize;
1031 
1032  *pRecSize = RecSize;
1033  return pRec;
1034 }
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define ROUND_UP(n, align)
Definition: eventvwr.h:31
STRSAFEAPI StringCbCopyNW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc, size_t cbToCopy)
Definition: strsafe.h:255
uint16_t * PWSTR
Definition: typedefs.h:54
static ULONG
Definition: file.c:43
DWORD StringOffset
Definition: winnt_old.h:2648
#define WCHAR
Definition: msvc.h:43
struct _EVENTLOGRECORD EVENTLOGRECORD
GLenum GLclampf GLint i
Definition: glfuncs.h:14
#define UNICODE_NULL
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
const WCHAR * str
smooth NULL
Definition: ftsmooth.c:416
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:585
#define GetProcessHeap()
Definition: compat.h:395
DWORD UserSidOffset
Definition: winnt_old.h:2650
#define LOGFILE_SIGNATURE
Definition: evtlib.h:43
unsigned int UINT
Definition: ndis.h:50
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
struct _EVENTLOGRECORD * PEVENTLOGRECORD
DWORD RecordNumber
Definition: winnt_old.h:2639
ULONG_PTR SIZE_T
Definition: typedefs.h:78
DWORD TimeGenerated
Definition: winnt_old.h:2640
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
DWORD * PDWORD
Definition: pedump.c:68
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
DWORD UserSidLength
Definition: winnt_old.h:2649
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
BYTE * PBYTE
Definition: pedump.c:66
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
static PLARGE_INTEGER Time
Definition: time.c:105

◆ LogfBackupFile()

NTSTATUS LogfBackupFile ( PLOGFILE  LogFile,
PUNICODE_STRING  BackupFileName 
)

Definition at line 499 of file file.c.

Referenced by ElfrBackupELFW(), and LogfClearFile().

501 {
503  LOGFILE BackupLogFile;
506 
507  DPRINT("LogfBackupFile(%p, %wZ)\n", LogFile, BackupFileName);
508 
509  /* Lock the log file shared */
510  RtlAcquireResourceShared(&LogFile->Lock, TRUE);
511 
512  InitializeObjectAttributes(&ObjectAttributes,
513  BackupFileName,
515  NULL,
516  NULL);
517 
518  Status = NtCreateFile(&BackupLogFile.FileHandle,
520  &ObjectAttributes,
521  &IoStatusBlock,
522  NULL,
525  FILE_CREATE,
527  NULL,
528  0);
529  if (!NT_SUCCESS(Status))
530  {
531  DPRINT("Cannot create backup file `%wZ' (Status 0x%08lx)\n", BackupFileName, Status);
532  goto Quit;
533  }
534 
535  Status = ElfBackupFile(&LogFile->LogFile,
536  &BackupLogFile.LogFile);
537 
538 Quit:
539  /* Close the backup file */
540  if (BackupLogFile.FileHandle != NULL)
541  NtClose(BackupLogFile.FileHandle);
542 
543  /* Unlock the log file */
544  RtlReleaseResource(&LogFile->Lock);
545 
546  return Status;
547 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
LONG NTSTATUS
Definition: precomp.h:26
#define FILE_CREATE
Definition: from_kernel.h:55
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
#define FILE_SHARE_READ
Definition: compat.h:125
EVTLOGFILE LogFile
Definition: eventlog.h:36
#define GENERIC_WRITE
Definition: nt_native.h:90
#define FILE_WRITE_THROUGH
Definition: from_kernel.h:26
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
HANDLE FileHandle
Definition: eventlog.h:37
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
RTL_RESOURCE Lock
Definition: eventlog.h:39
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3393
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define FILE_ATTRIBUTE_NORMAL
Definition: compat.h:126
#define GENERIC_READ
Definition: compat.h:124
#define SYNCHRONIZE
Definition: nt_native.h:61
NTSTATUS NTAPI ElfBackupFile(IN PEVTLOGFILE LogFile, IN PEVTLOGFILE BackupLogFile)
Definition: evtlib.c:979
Status
Definition: gdiplustypes.h:24
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
NTSTATUS NTAPI NtCreateFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocateSize, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength)
Definition: file.c:3735
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106

◆ LogfClearFile()

NTSTATUS LogfClearFile ( PLOGFILE  LogFile,
PUNICODE_STRING  BackupFileName 
)

Definition at line 467 of file file.c.

Referenced by ElfrClearELFW().

469 {
471 
472  /* Lock the log file exclusive */
474 
475  if (BackupFileName->Length > 0)
476  {
477  /* Write a backup file */
478  Status = LogfBackupFile(LogFile, BackupFileName);
479  if (!NT_SUCCESS(Status))
480  {
481  DPRINT1("LogfBackupFile failed (Status 0x%08lx)\n", Status);
482  goto Quit;
483  }
484  }
485 
486  Status = ElfReCreateFile(&LogFile->LogFile);
487  if (!NT_SUCCESS(Status))
488  {
489  DPRINT1("LogfInitializeNew failed (Status 0x%08lx)\n", Status);
490  }
491 
492 Quit:
493  /* Unlock the log file */
494  RtlReleaseResource(&LogFile->Lock);
495  return Status;
496 }
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
EVTLOGFILE LogFile
Definition: eventlog.h:36
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
RTL_RESOURCE Lock
Definition: eventlog.h:39
Status
Definition: gdiplustypes.h:24
NTSTATUS LogfBackupFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:499
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI ElfReCreateFile(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:966
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)

◆ LogfClose()

VOID LogfClose ( PLOGFILE  LogFile,
BOOLEAN  ForceClose 
)

Definition at line 428 of file file.c.

Referenced by ElfDeleteEventLogHandle(), and LogfCloseAll().

430 {
431  if (LogFile == NULL)
432  return;
433 
434  if (!ForceClose && LogFile->Permanent)
435  return;
436 
438 
439  LogfListRemoveItem(LogFile);
440 
441  ElfCloseFile(&LogFile->LogFile);
442  NtClose(LogFile->FileHandle);
443  LogfpFree(LogFile->LogName, 0, 0);
444 
445  RtlDeleteResource(&LogFile->Lock);
446 
447  LogfpFree(LogFile, 0, TAG_ELF);
448 
449  return;
450 }
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlDeleteResource(_In_ PRTL_RESOURCE Resource)
EVTLOGFILE LogFile
Definition: eventlog.h:36
smooth NULL
Definition: ftsmooth.c:416
static VOID NTAPI LogfpFree(IN PVOID Ptr, IN ULONG Flags, IN ULONG Tag)
Definition: file.c:169
HANDLE FileHandle
Definition: eventlog.h:37
BOOL Permanent
Definition: eventlog.h:40
RTL_RESOURCE Lock
Definition: eventlog.h:39
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3393
#define TAG_ELF
Definition: evtlib.h:151
WCHAR * LogName
Definition: eventlog.h:38
VOID NTAPI ElfCloseFile(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1179
static VOID LogfListRemoveItem(PLOGFILE Item)
Definition: file.c:145
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)

◆ LogfCloseAll()

VOID LogfCloseAll ( VOID  )

Definition at line 452 of file file.c.

Referenced by wmain().

453 {
455 
456  while (!IsListEmpty(&LogFileListHead))
457  {
459  }
460 
462 
464 }
VOID LogfClose(PLOGFILE LogFile, BOOLEAN ForceClose)
Definition: file.c:428
#define TRUE
Definition: types.h:120
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
static CRITICAL_SECTION LogFileListCs
Definition: file.c:23
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)
static LIST_ENTRY LogFileListHead
Definition: file.c:22
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)

◆ LogfCreate()

NTSTATUS LogfCreate ( PLOGFILE LogFile,
PCWSTR  LogName,
PUNICODE_STRING  FileName,
ULONG  MaxSize,
ULONG  Retention,
BOOLEAN  Permanent,
BOOLEAN  Backup 
)

Definition at line 294 of file file.c.

Referenced by ElfCreateBackupLogHandle(), and LoadLogFile().

301 {
305  FILE_STANDARD_INFORMATION FileStdInfo;
306  PLOGFILE pLogFile;
307  SIZE_T LogNameLen;
308  BOOLEAN CreateNew;
309 
310  pLogFile = LogfpAlloc(sizeof(*pLogFile), HEAP_ZERO_MEMORY, TAG_ELF);
311  if (!pLogFile)
312  {
313  DPRINT1("Cannot allocate heap!\n");
314  return STATUS_NO_MEMORY;
315  }
316 
317  LogNameLen = (LogName ? wcslen(LogName) : 0) + 1;
318  pLogFile->LogName = LogfpAlloc(LogNameLen * sizeof(WCHAR), HEAP_ZERO_MEMORY, 0);
319  if (pLogFile->LogName == NULL)
320  {
321  DPRINT1("Cannot allocate heap\n");
322  Status = STATUS_NO_MEMORY;
323  goto Quit;
324  }
325 
326  if (LogName)
327  StringCchCopyW(pLogFile->LogName, LogNameLen, LogName);
328 
329  InitializeObjectAttributes(&ObjectAttributes,
330  FileName,
332  NULL,
333  NULL);
334 
335  DPRINT("Going to create or open %wZ\n", FileName);
336  Status = NtCreateFile(&pLogFile->FileHandle,
337  Backup ? (GENERIC_READ | SYNCHRONIZE)
339  &ObjectAttributes,
340  &IoStatusBlock,
341  NULL,
344  Backup ? FILE_OPEN : FILE_OPEN_IF,
346  NULL,
347  0);
348  if (!NT_SUCCESS(Status))
349  {
350  DPRINT1("Cannot create file `%wZ' (Status 0x%08lx)\n", FileName, Status);
351  goto Quit;
352  }
353 
354  CreateNew = (IoStatusBlock.Information == FILE_CREATED);
355  DPRINT("%wZ %s successfully\n", FileName, CreateNew ? "created" : "opened");
356 
357  /*
358  * Retrieve the log file size and check whether the file is not too large;
359  * this log format only supports files of theoretical size < 0xFFFFFFFF .
360  *
361  * As it happens that, on Windows (and ReactOS), retrieving the End-Of-File
362  * information using NtQueryInformationFile with the FileEndOfFileInformation
363  * class is invalid (who knows why...), use instead the FileStandardInformation
364  * class, and the EndOfFile member of the returned FILE_STANDARD_INFORMATION
365  * structure will give the desired information.
366  */
367  Status = NtQueryInformationFile(pLogFile->FileHandle,
368  &IoStatusBlock,
369  &FileStdInfo,
370  sizeof(FileStdInfo),
372  if (!NT_SUCCESS(Status))
373  {
374  DPRINT1("EventLog: NtQueryInformationFile failed (Status 0x%08lx)\n", Status);
375  goto Quit;
376  }
377  if (FileStdInfo.EndOfFile.HighPart != 0)
378  {
379  DPRINT1("EventLog: Log `%wZ' is too large.\n", FileName);
380  Status = STATUS_EVENTLOG_FILE_CORRUPT; // STATUS_FILE_TOO_LARGE;
381  goto Quit;
382  }
383 
384  DPRINT("Initializing LogFile `%S'\n", pLogFile->LogName);
385 
386  Status = ElfCreateFile(&pLogFile->LogFile,
387  FileName,
388  FileStdInfo.EndOfFile.LowPart,
389  MaxSize,
390  Retention,
391  CreateNew,
392  Backup,
393  LogfpAlloc,
394  LogfpFree,
399  if (!NT_SUCCESS(Status))
400  goto Quit;
401 
402  pLogFile->Permanent = Permanent;
403 
404  RtlInitializeResource(&pLogFile->Lock);
405 
406  LogfListAddItem(pLogFile);
407 
408 Quit:
409  if (!NT_SUCCESS(Status))
410  {
411  if (pLogFile->FileHandle != NULL)
412  NtClose(pLogFile->FileHandle);
413 
414  if (pLogFile->LogName)
415  LogfpFree(pLogFile->LogName, 0, 0);
416 
417  LogfpFree(pLogFile, 0, TAG_ELF);
418  }
419  else
420  {
421  *LogFile = pLogFile;
422  }
423 
424  return Status;
425 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
static NTSTATUS NTAPI LogfpWriteFile(IN PEVTLOGFILE LogFile, IN PLARGE_INTEGER FileOffset, IN PVOID Buffer, IN SIZE_T Length, OUT PSIZE_T WrittenLength OPTIONAL)
Definition: file.c:212
#define FILE_OPEN_IF
Definition: from_kernel.h:56
__wchar_t WCHAR
Definition: xmlstorage.h:180
LONG NTSTATUS
Definition: precomp.h:26
#define STATUS_EVENTLOG_FILE_CORRUPT
Definition: ntstatus.h:617
NTSTATUS NTAPI ElfCreateFile(IN OUT PEVTLOGFILE LogFile, IN PUNICODE_STRING FileName OPTIONAL, IN ULONG FileSize, IN ULONG MaxSize, IN ULONG Retention, IN BOOLEAN CreateNew, IN BOOLEAN ReadOnly, IN PELF_ALLOCATE_ROUTINE Allocate, IN PELF_FREE_ROUTINE Free, IN PELF_FILE_SET_SIZE_ROUTINE FileSetSize, IN PELF_FILE_WRITE_ROUTINE FileWrite, IN PELF_FILE_READ_ROUTINE FileRead, IN PELF_FILE_FLUSH_ROUTINE FileFlush)
Definition: evtlib.c:876
static PVOID NTAPI LogfpAlloc(IN SIZE_T Size, IN ULONG Flags, IN ULONG Tag)
Definition: file.c:158
#define FILE_SHARE_READ
Definition: compat.h:125
EVTLOGFILE LogFile
Definition: eventlog.h:36
#define GENERIC_WRITE
Definition: nt_native.h:90
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
LARGE_INTEGER EndOfFile
Definition: nt_native.h:948
void DPRINT(...)
Definition: polytest.cpp:61
static VOID NTAPI LogfpFree(IN PVOID Ptr, IN ULONG Flags, IN ULONG Tag)
Definition: file.c:169
NTSYSAPI VOID NTAPI RtlInitializeResource(_In_ PRTL_RESOURCE Resource)
HANDLE FileHandle
Definition: eventlog.h:37
static NTSTATUS NTAPI LogfpSetFileSize(IN PEVTLOGFILE LogFile, IN ULONG FileSize, IN ULONG OldFileSize)
Definition: file.c:244
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
BOOL Permanent
Definition: eventlog.h:40
RTL_RESOURCE Lock
Definition: eventlog.h:39
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3393
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define TAG_ELF
Definition: evtlib.h:151
#define FILE_ATTRIBUTE_NORMAL
Definition: compat.h:126
WCHAR * LogName
Definition: eventlog.h:38
ULONG LowPart
Definition: typedefs.h:104
#define GENERIC_READ
Definition: compat.h:124
NTSTATUS NTAPI NtQueryInformationFile(HANDLE hFile, PIO_STATUS_BLOCK io, PVOID ptr, ULONG len, FILE_INFORMATION_CLASS FileInformationClass)
#define SYNCHRONIZE
Definition: nt_native.h:61
Status
Definition: gdiplustypes.h:24
#define FILE_OPEN
Definition: from_kernel.h:54
ULONG_PTR SIZE_T
Definition: typedefs.h:78
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
NTSTATUS NTAPI NtCreateFile(PHANDLE FileHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PIO_STATUS_BLOCK IoStatusBlock, PLARGE_INTEGER AllocateSize, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PVOID EaBuffer, ULONG EaLength)
Definition: file.c:3735
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define FILE_CREATED
Definition: nt_native.h:770
static VOID LogfListAddItem(PLOGFILE Item)
Definition: file.c:137
#define DPRINT1
Definition: precomp.h:8
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
static NTSTATUS NTAPI LogfpFlushFile(IN PEVTLOGFILE LogFile, IN PLARGE_INTEGER FileOffset, IN ULONG Length)
Definition: file.c:280
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
static NTSTATUS NTAPI LogfpReadFile(IN PEVTLOGFILE LogFile, IN PLARGE_INTEGER FileOffset, OUT PVOID Buffer, IN SIZE_T Length, OUT PSIZE_T ReadLength OPTIONAL)
Definition: file.c:180

◆ LogfFreeRecord()

static __inline void LogfFreeRecord ( PEVENTLOGRECORD  Record)
static

Definition at line 143 of file eventlog.h.

Referenced by ElfrIntReportEventW(), LogfReportEvent(), and ProcessPortMessage().

144 {
145  RtlFreeHeap(GetProcessHeap(), 0, Record);
146 }
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:603
#define GetProcessHeap()
Definition: compat.h:395

◆ LogfListInitialize()

VOID LogfListInitialize ( VOID  )

Definition at line 27 of file file.c.

Referenced by wmain().

28 {
31 }
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
Definition: synch.c:697
static CRITICAL_SECTION LogFileListCs
Definition: file.c:23
static LIST_ENTRY LogFileListHead
Definition: file.c:22
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944

◆ LogfListItemByIndex()

PLOGFILE LogfListItemByIndex ( DWORD  Index)

Definition at line 93 of file file.c.

Referenced by ElfCreateEventLogHandle().

94 {
95  PLIST_ENTRY CurrentEntry;
97  DWORD i = 1;
98 
100 
101  CurrentEntry = LogFileListHead.Flink;
102  while (CurrentEntry != &LogFileListHead)
103  {
104  if (i == Index)
105  {
106  Result = CONTAINING_RECORD(CurrentEntry, LOGFILE, ListEntry);
107  break;
108  }
109 
110  CurrentEntry = CurrentEntry->Flink;
111  i++;
112  }
113 
115  return Result;
116 }
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
GLenum GLclampf GLint i
Definition: glfuncs.h:14
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
static CRITICAL_SECTION LogFileListCs
Definition: file.c:23
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
static const UCHAR Index[8]
Definition: usbohci.c:18
unsigned long DWORD
Definition: ntddk_ex.h:95
static LIST_ENTRY LogFileListHead
Definition: file.c:22
Definition: typedefs.h:117
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)

◆ LogfListItemByName()

PLOGFILE LogfListItemByName ( LPCWSTR  Name)

Definition at line 33 of file file.c.

Referenced by ElfCreateEventLogHandle(), and ProcessPortMessage().

34 {
35  PLIST_ENTRY CurrentEntry;
36  PLOGFILE Item, Result = NULL;
37 
38  ASSERT(Name);
39 
41 
42  CurrentEntry = LogFileListHead.Flink;
43  while (CurrentEntry != &LogFileListHead)
44  {
45  Item = CONTAINING_RECORD(CurrentEntry, LOGFILE, ListEntry);
46 
47  if (Item->LogName && !_wcsicmp(Item->LogName, Name))
48  {
49  Result = Item;
50  break;
51  }
52 
53  CurrentEntry = CurrentEntry->Flink;
54  }
55 
57  return Result;
58 }
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
static CRITICAL_SECTION LogFileListCs
Definition: file.c:23
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
WCHAR * LogName
Definition: eventlog.h:38
static LIST_ENTRY LogFileListHead
Definition: file.c:22
Definition: typedefs.h:117
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)

◆ LogfListItemCount()

DWORD LogfListItemCount ( VOID  )

Definition at line 118 of file file.c.

Referenced by ElfCreateEventLogHandle().

119 {
120  PLIST_ENTRY CurrentEntry;
121  DWORD i = 0;
122 
124 
125  CurrentEntry = LogFileListHead.Flink;
126  while (CurrentEntry != &LogFileListHead)
127  {
128  CurrentEntry = CurrentEntry->Flink;
129  i++;
130  }
131 
133  return i;
134 }
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
GLenum GLclampf GLint i
Definition: glfuncs.h:14
static CRITICAL_SECTION LogFileListCs
Definition: file.c:23
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
unsigned long DWORD
Definition: ntddk_ex.h:95
static LIST_ENTRY LogFileListHead
Definition: file.c:22
Definition: typedefs.h:117
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)

◆ LogfReadEvents()

NTSTATUS LogfReadEvents ( PLOGFILE  LogFile,
ULONG  Flags,
PULONG  RecordNumber,
ULONG  BufSize,
PBYTE  Buffer,
PULONG  BytesRead,
PULONG  BytesNeeded,
BOOLEAN  Ansi 
)

Definition at line 721 of file file.c.

Referenced by ElfrReadELA(), and ElfrReadELW().

729 {
731  ULONG RecNum;
732  SIZE_T ReadLength, NeededSize;
733  ULONG BufferUsage;
734 
735  /* Parameters validation */
736 
737  /* EVENTLOG_SEQUENTIAL_READ and EVENTLOG_SEEK_READ are mutually exclusive */
740 
741  if (!(Flags & EVENTLOG_SEQUENTIAL_READ) && !(Flags & EVENTLOG_SEEK_READ))
743 
744  /* EVENTLOG_FORWARDS_READ and EVENTLOG_BACKWARDS_READ are mutually exclusive */
747 
748  if (!(Flags & EVENTLOG_FORWARDS_READ) && !(Flags & EVENTLOG_BACKWARDS_READ))
750 
751  if (!Buffer || !BytesRead || !BytesNeeded)
753 
754  /* In seek read mode, a record number of 0 is invalid */
755  if (!(Flags & EVENTLOG_SEQUENTIAL_READ) && (*RecordNumber == 0))
757 
758  /* Lock the log file shared */
759  RtlAcquireResourceShared(&LogFile->Lock, TRUE);
760 
761  /*
762  * In sequential read mode, a record number of 0 means we need
763  * to determine where to start the read operation. Otherwise
764  * we just use the provided record number.
765  */
766  if ((Flags & EVENTLOG_SEQUENTIAL_READ) && (*RecordNumber == 0))
767  {
768  if (Flags & EVENTLOG_FORWARDS_READ)
769  {
770  *RecordNumber = ElfGetOldestRecord(&LogFile->LogFile);
771  }
772  else // if (Flags & EVENTLOG_BACKWARDS_READ)
773  {
774  *RecordNumber = ElfGetCurrentRecord(&LogFile->LogFile) - 1;
775  }
776  }
777 
778  RecNum = *RecordNumber;
779 
780  *BytesRead = 0;
781  *BytesNeeded = 0;
782 
783  BufferUsage = 0;
784  do
785  {
786  Status = ReadRecord(&LogFile->LogFile,
787  RecNum,
788  (PEVENTLOGRECORD)(Buffer + BufferUsage),
789  BufSize - BufferUsage,
790  &ReadLength,
791  &NeededSize,
792  Ansi);
793  if (Status == STATUS_NOT_FOUND)
794  {
795  if (BufferUsage == 0)
796  {
797  Status = STATUS_END_OF_FILE;
798  goto Quit;
799  }
800  else
801  {
802  break;
803  }
804  }
805  else
806  if (Status == STATUS_BUFFER_TOO_SMALL)
807  {
808  if (BufferUsage == 0)
809  {
810  *BytesNeeded = NeededSize;
811  // Status = STATUS_BUFFER_TOO_SMALL;
812  goto Quit;
813  }
814  else
815  {
816  break;
817  }
818  }
819  else
820  if (!NT_SUCCESS(Status))
821  {
822  DPRINT1("ElfReadRecord failed (Status 0x%08lx)\n", Status);
823  goto Quit;
824  }
825 
826  /* Go to the next event record */
827  /*
828  * NOTE: This implicitly supposes that all the other record numbers
829  * are consecutive (and do not jump than more than one unit); but if
830  * it is not the case, then we would prefer here to call some
831  * "get_next_record_number" function.
832  */
833  if (Flags & EVENTLOG_FORWARDS_READ)
834  RecNum++;
835  else // if (Flags & EVENTLOG_BACKWARDS_READ)
836  RecNum--;
837 
838  BufferUsage += ReadLength;
839  }
840  while (BufferUsage <= BufSize);
841 
842  *BytesRead = BufferUsage;
843  *RecordNumber = RecNum;
844 
845  Status = STATUS_SUCCESS;
846 
847 Quit:
848  /* Unlock the log file */
849  RtlReleaseResource(&LogFile->Lock);
850 
851  if (!NT_SUCCESS(Status))
852  DPRINT1("LogfReadEvents failed (Status 0x%08lx)\n", Status);
853 
854  return Status;
855 }
ULONG NTAPI ElfGetOldestRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1589
#define TRUE
Definition: types.h:120
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
EVTLOGFILE LogFile
Definition: eventlog.h:36
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:52
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2627
#define STATUS_END_OF_FILE
Definition: shellext.h:50
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
Definition: bufpool.h:45
#define BufSize
Definition: FsRtlTunnel.c:28
#define STATUS_NOT_FOUND
Definition: shellext.h:55
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
ULONG NTAPI ElfGetCurrentRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1598
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2624
RTL_RESOURCE Lock
Definition: eventlog.h:39
#define EVENTLOG_SEEK_READ
Definition: winnt_old.h:2625
Status
Definition: gdiplustypes.h:24
ULONG_PTR SIZE_T
Definition: typedefs.h:78
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2626
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
static NTSTATUS ReadRecord(IN PEVTLOGFILE LogFile, IN ULONG RecordNumber, OUT PEVENTLOGRECORD Record, IN SIZE_T BufSize, OUT PSIZE_T BytesRead OPTIONAL, OUT PSIZE_T BytesNeeded OPTIONAL, IN BOOLEAN Ansi)
Definition: file.c:551
return STATUS_SUCCESS
Definition: btrfs.c:2710
_Must_inspect_result_ _In_ PFILE_OBJECT _In_opt_ PLARGE_INTEGER _In_ ULONG _In_ FLT_IO_OPERATION_FLAGS _Out_opt_ PULONG BytesRead
Definition: fltkernel.h:1255

◆ LogfReportEvent()

VOID LogfReportEvent ( USHORT  wType,
USHORT  wCategory,
ULONG  dwEventId,
USHORT  wNumStrings,
PWSTR  pStrings,
ULONG  dwDataSize,
PVOID  pRawData 
)

Definition at line 1037 of file file.c.

Referenced by LogfFreeRecord(), ReportProductInfoEvent(), ServiceControlHandler(), and ServiceMain().

1044 {
1045  NTSTATUS Status;
1046  UNICODE_STRING SourceName, ComputerName;
1047  PEVENTLOGRECORD LogBuffer;
1048  LARGE_INTEGER SystemTime;
1049  ULONG Time;
1050  SIZE_T RecSize;
1051  DWORD dwComputerNameLength;
1052  WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1053 
1054  if (!EventLogSource)
1055  return;
1056 
1058 
1059  dwComputerNameLength = ARRAYSIZE(szComputerName);
1060  if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
1061  szComputerName[0] = L'\0';
1062 
1063  RtlInitUnicodeString(&ComputerName, szComputerName);
1064 
1065  NtQuerySystemTime(&SystemTime);
1066  RtlTimeToSecondsSince1970(&SystemTime, &Time);
1067 
1068  LogBuffer = LogfAllocAndBuildNewRecord(&RecSize,
1069  Time,
1070  wType,
1071  wCategory,
1072  dwEventId,
1073  &SourceName,
1074  &ComputerName,
1075  0,
1076  NULL,
1077  wNumStrings,
1078  pStrings,
1079  dwDataSize,
1080  pRawData);
1081  if (LogBuffer == NULL)
1082  {
1083  DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
1084  return;
1085  }
1086 
1087  Status = LogfWriteRecord(EventLogSource->LogFile, LogBuffer, RecSize);
1088  if (!NT_SUCCESS(Status))
1089  {
1090  DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
1091  EventLogSource->LogFile->LogName, Status);
1092  }
1093 
1094  LogfFreeRecord(LogBuffer);
1095 }
BOOLEAN NTAPI RtlTimeToSecondsSince1970(PLARGE_INTEGER Time, PULONG ElapsedSeconds)
__wchar_t WCHAR
Definition: xmlstorage.h:180
LONG NTSTATUS
Definition: precomp.h:26
static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
Definition: eventlog.h:143
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:896
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:339
PLOGFILE LogFile
Definition: eventlog.h:47
WCHAR szName[1]
Definition: eventlog.h:48
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
Definition: file.c:858
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
PEVENTSOURCE EventLogSource
Definition: eventlog.c:35
unsigned long DWORD
Definition: ntddk_ex.h:95
static const WCHAR L[]
Definition: oid.c:1087
WCHAR * LogName
Definition: eventlog.h:38
Status
Definition: gdiplustypes.h:24
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:240
ULONG_PTR SIZE_T
Definition: typedefs.h:78
WCHAR SourceName[256]
Definition: arping.c:28
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:417
static PLARGE_INTEGER Time
Definition: time.c:105

◆ LogfWriteRecord()

NTSTATUS LogfWriteRecord ( PLOGFILE  LogFile,
PEVENTLOGRECORD  Record,
SIZE_T  BufSize 
)

Definition at line 858 of file file.c.

Referenced by ElfrIntReportEventW(), LogfReportEvent(), and ProcessPortMessage().

861 {
863  LARGE_INTEGER SystemTime;
864 
865  // ASSERT(sizeof(*Record) == sizeof(RecBuf));
866 
867  if (!Record || BufSize < sizeof(*Record))
869 
870  /* Lock the log file exclusive */
872 
873  /*
874  * Retrieve the record written time now, that will also be compared
875  * with the existing events timestamps in case the log is wrapping.
876  */
877  NtQuerySystemTime(&SystemTime);
878  RtlTimeToSecondsSince1970(&SystemTime, &Record->TimeWritten);
879 
880  Status = ElfWriteRecord(&LogFile->LogFile, Record, BufSize);
881  if (Status == STATUS_LOG_FILE_FULL)
882  {
883  /* The event log file is full, queue a message box for the user and exit */
884  // TODO!
885  DPRINT1("Log file `%S' is full!\n", LogFile->LogName);
886  }
887 
888  /* Unlock the log file */
889  RtlReleaseResource(&LogFile->Lock);
890 
891  return Status;
892 }
#define TRUE
Definition: types.h:120
BOOLEAN NTAPI RtlTimeToSecondsSince1970(PLARGE_INTEGER Time, PULONG ElapsedSeconds)
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define STATUS_LOG_FILE_FULL
Definition: ntstatus.h:611
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
EVTLOGFILE LogFile
Definition: eventlog.h:36
#define BufSize
Definition: FsRtlTunnel.c:28
RTL_RESOURCE Lock
Definition: eventlog.h:39
NTSTATUS NTAPI ElfWriteRecord(IN PEVTLOGFILE LogFile, IN PEVENTLOGRECORD Record, IN SIZE_T BufSize)
Definition: evtlib.c:1269
WCHAR * LogName
Definition: eventlog.h:38
Status
Definition: gdiplustypes.h:24
#define DPRINT1
Definition: precomp.h:8
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:417
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)

◆ PortThreadRoutine()

NTSTATUS WINAPI PortThreadRoutine ( PVOID  Param)

Definition at line 27 of file logport.c.

Referenced by LogfFreeRecord(), and ServiceInit().

28 {
30 
31  Status = InitLogPort();
32  if (!NT_SUCCESS(Status))
33  return Status;
34 
35  while (NT_SUCCESS(Status))
36  Status = ProcessPortMessage();
37 
38  if (ConnectPortHandle != NULL)
40 
41  if (MessagePortHandle != NULL)
43 
44  return Status;
45 }
static HANDLE ConnectPortHandle
Definition: logport.c:21
LONG NTSTATUS
Definition: precomp.h:26
smooth NULL
Definition: ftsmooth.c:416
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3393
Status
Definition: gdiplustypes.h:24
static HANDLE MessagePortHandle
Definition: logport.c:22
NTSTATUS InitLogPort(VOID)
Definition: logport.c:47
NTSTATUS ProcessPortMessage(VOID)
Definition: logport.c:104
return STATUS_SUCCESS
Definition: btrfs.c:2710

◆ PRINT_RECORD()

VOID PRINT_RECORD ( PEVENTLOGRECORD  pRec)

Definition at line 544 of file eventlog.c.

Referenced by ProcessPortMessage().

545 {
546  UINT i;
547  PWSTR str;
548  LARGE_INTEGER SystemTime;
550 
551  DPRINT1("PRINT_RECORD(0x%p)\n", pRec);
552 
553  DbgPrint("Length = %lu\n", pRec->Length);
554  DbgPrint("Reserved = 0x%x\n", pRec->Reserved);
555  DbgPrint("RecordNumber = %lu\n", pRec->RecordNumber);
556 
557  RtlSecondsSince1970ToTime(pRec->TimeGenerated, &SystemTime);
558  RtlTimeToTimeFields(&SystemTime, &Time);
559  DbgPrint("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
560  Time.Day, Time.Month, Time.Year,
561  Time.Hour, Time.Minute, Time.Second);
562 
563  RtlSecondsSince1970ToTime(pRec->TimeWritten, &SystemTime);
564  RtlTimeToTimeFields(&SystemTime, &Time);
565  DbgPrint("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
566  Time.Day, Time.Month, Time.Year,
567  Time.Hour, Time.Minute, Time.Second);
568 
569  DbgPrint("EventID = %lu\n", pRec->EventID);
570 
571  switch (pRec->EventType)
572  {
573  case EVENTLOG_ERROR_TYPE:
574  DbgPrint("EventType = EVENTLOG_ERROR_TYPE\n");
575  break;
577  DbgPrint("EventType = EVENTLOG_WARNING_TYPE\n");
578  break;
580  DbgPrint("EventType = EVENTLOG_INFORMATION_TYPE\n");
581  break;
583  DbgPrint("EventType = EVENTLOG_AUDIT_SUCCESS\n");
584  break;
586  DbgPrint("EventType = EVENTLOG_AUDIT_FAILURE\n");
587  break;
588  default:
589  DbgPrint("EventType = %hu\n", pRec->EventType);
590  }
591 
592  DbgPrint("NumStrings = %hu\n", pRec->NumStrings);
593  DbgPrint("EventCategory = %hu\n", pRec->EventCategory);
594  DbgPrint("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
595  DbgPrint("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
596  DbgPrint("StringOffset = %lu\n", pRec->StringOffset);
597  DbgPrint("UserSidLength = %lu\n", pRec->UserSidLength);
598  DbgPrint("UserSidOffset = %lu\n", pRec->UserSidOffset);
599  DbgPrint("DataLength = %lu\n", pRec->DataLength);
600  DbgPrint("DataOffset = %lu\n", pRec->DataOffset);
601 
602  i = sizeof(EVENTLOGRECORD);
603  DbgPrint("SourceName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
604 
605  i += (wcslen((PWSTR)((ULONG_PTR)pRec + i)) + 1) * sizeof(WCHAR);
606  DbgPrint("ComputerName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
607 
608  if (pRec->StringOffset < pRec->Length && pRec->NumStrings)
609  {
610  DbgPrint("Strings:\n");
611  str = (PWSTR)((ULONG_PTR)pRec + pRec->StringOffset);
612  for (i = 0; i < pRec->NumStrings; i++)
613  {
614  DbgPrint("[%u] %S\n", i, str);
615  str += wcslen(str) + 1;
616  }
617  }
618 
619  DbgPrint("Length2 = %lu\n", *(PULONG)((ULONG_PTR)pRec + pRec->Length - 4));
620 }
#define DbgPrint
Definition: loader.c:25
__wchar_t WCHAR
Definition: xmlstorage.h:180
NTSYSAPI VOID NTAPI RtlSecondsSince1970ToTime(_In_ ULONG SecondsSince1970, _Out_ PLARGE_INTEGER Time)
uint16_t * PWSTR
Definition: typedefs.h:54
DWORD StringOffset
Definition: winnt_old.h:2648
uint32_t ULONG_PTR
Definition: typedefs.h:63
struct _EVENTLOGRECORD EVENTLOGRECORD
GLenum GLclampf GLint i
Definition: glfuncs.h:14
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
const WCHAR * str
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
DWORD UserSidOffset
Definition: winnt_old.h:2650
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
unsigned int UINT
Definition: ndis.h:50
DWORD RecordNumber
Definition: winnt_old.h:2639
DWORD TimeGenerated
Definition: winnt_old.h:2640
unsigned int * PULONG
Definition: retypes.h:1
#define DPRINT1
Definition: precomp.h:8
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633
DWORD UserSidLength
Definition: winnt_old.h:2649
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
static PLARGE_INTEGER Time
Definition: time.c:105
DWORD ClosingRecordNumber
Definition: winnt_old.h:2647

◆ ProcessPortMessage()

NTSTATUS ProcessPortMessage ( VOID  )

Definition at line 104 of file logport.c.

Referenced by LogfFreeRecord(), and PortThreadRoutine().

105 {
107  PLOGFILE SystemLog = NULL;
108  UCHAR Buffer[PORT_MAXIMUM_MESSAGE_LENGTH]; // IO_ERROR_LOG_MESSAGE_LENGTH
111  PEVENTLOGRECORD LogBuffer;
112  SIZE_T RecSize;
113  ULONG Time;
115  UNICODE_STRING SourceName, ComputerName;
116  DWORD dwComputerNameLength;
117  WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
118 
119  DPRINT("ProcessPortMessage() called\n");
120 
121  SystemLog = LogfListItemByName(L"System");
122 
123  while (TRUE)
124  {
126  NULL,
127  NULL,
128  &Message->Header);
129 
130  if (!NT_SUCCESS(Status))
131  {
132  DPRINT1("NtReplyWaitReceivePort() failed (Status %lx)\n", Status);
133  break;
134  }
135 
136  DPRINT("Received message\n");
137 
138  if (Message->Header.u2.s2.Type == LPC_PORT_CLOSED)
139  {
140  DPRINT("Port closed\n");
141  return STATUS_SUCCESS;
142  }
143 
144  if (Message->Header.u2.s2.Type == LPC_REQUEST)
145  {
146  DPRINT("Received request\n");
147  }
148  else if (Message->Header.u2.s2.Type == LPC_DATAGRAM)
149  {
150  DPRINT("Received datagram (0x%x, 0x%x)\n",
151  Message->Unknown[0], Message->Unknown[1]);
152  ErrorMessage = &Message->IoErrorMessage;
153 
154  // ASSERT(ErrorMessage->Type == IO_TYPE_ERROR_MESSAGE);
155 
156  RtlInitEmptyUnicodeString(&SourceName, NULL, 0);
157  if (ErrorMessage->DriverNameLength > sizeof(UNICODE_NULL)) // DriverNameLength counts NULL-terminator
158  {
159  SourceName.Buffer = (PWSTR)((ULONG_PTR)ErrorMessage + ErrorMessage->DriverNameOffset);
160  SourceName.MaximumLength = ErrorMessage->DriverNameLength;
161  SourceName.Length = SourceName.MaximumLength - sizeof(UNICODE_NULL);
162  }
163 
164  dwComputerNameLength = ARRAYSIZE(szComputerName);
165  if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
166  szComputerName[0] = L'\0';
167 
168  RtlInitUnicodeString(&ComputerName, szComputerName);
169 
170  RtlTimeToSecondsSince1970(&ErrorMessage->TimeStamp, &Time);
171 
172  /* Set the event type based on the error code severity */
173  EventType = (USHORT)(ErrorMessage->EntryData.ErrorCode >> 30);
174  if (EventType == STATUS_SEVERITY_SUCCESS)
175  {
176  EventType = EVENTLOG_SUCCESS;
177  }
178  else if (EventType == STATUS_SEVERITY_INFORMATIONAL) // NT_INFORMATION
179  {
180  EventType = EVENTLOG_INFORMATION_TYPE;
181  }
182  else if (EventType == STATUS_SEVERITY_WARNING) // NT_WARNING
183  {
184  EventType = EVENTLOG_WARNING_TYPE;
185  }
186  else if (EventType == STATUS_SEVERITY_ERROR) // NT_ERROR
187  {
188  EventType = EVENTLOG_ERROR_TYPE;
189  }
190  else
191  {
192  /* Unknown severity, set to error */
193  EventType = EVENTLOG_ERROR_TYPE;
194  }
195 
196  /*
197  * The data being saved consists of the IO_ERROR_LOG_PACKET structure
198  * header, plus the additional raw data from the driver.
199  */
200  LogBuffer = LogfAllocAndBuildNewRecord(
201  &RecSize,
202  Time,
203  EventType,
204  ErrorMessage->EntryData.EventCategory,
205  ErrorMessage->EntryData.ErrorCode,
206  &SourceName,
207  &ComputerName,
208  0,
209  NULL,
210  ErrorMessage->EntryData.NumberOfStrings,
211  (PWSTR)((ULONG_PTR)ErrorMessage +
212  ErrorMessage->EntryData.StringOffset),
214  ErrorMessage->EntryData.DumpDataSize,
215  (PVOID)&ErrorMessage->EntryData);
216  if (LogBuffer == NULL)
217  {
218  DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
219  // return STATUS_NO_MEMORY;
220  continue;
221  }
222 
223  if (!onLiveCD && SystemLog)
224  {
225  Status = LogfWriteRecord(SystemLog, LogBuffer, RecSize);
226  if (!NT_SUCCESS(Status))
227  {
228  DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
229  SystemLog->LogName, Status);
230  }
231  }
232  else
233  {
234  DPRINT1("\n--- EVENTLOG RECORD ---\n");
235  PRINT_RECORD(LogBuffer);
236  DPRINT1("\n");
237  }
238 
239  LogfFreeRecord(LogBuffer);
240  }
241  }
242 
243  return Status;
244 }
#define STATUS_SEVERITY_INFORMATIONAL
Definition: errmsg.h:60
BOOL onLiveCD
Definition: eventlog.c:33
#define TRUE
Definition: types.h:120
VOID PRINT_RECORD(PEVENTLOGRECORD pRec)
Definition: eventlog.c:544
USHORT MaximumLength
Definition: env_spec_w32.h:370
BOOLEAN NTAPI RtlTimeToSecondsSince1970(PLARGE_INTEGER Time, PULONG ElapsedSeconds)
VOID ErrorMessage(DWORD, LPTSTR,...)
Definition: error.c:26
__wchar_t WCHAR
Definition: xmlstorage.h:180
uint16_t * PWSTR
Definition: typedefs.h:54
LONG NTSTATUS
Definition: precomp.h:26
static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
Definition: eventlog.h:143
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define STATUS_SEVERITY_WARNING
Definition: errmsg.h:58
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:339
uint32_t ULONG_PTR
Definition: typedefs.h:63
struct _ELF_API_MSG * PELF_API_MSG
ULONG Unknown[2]
Definition: iolog.h:20
NTSTATUS ErrorCode
Definition: iotypes.h:1963
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
#define UNICODE_NULL
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
Definition: bufpool.h:45
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2629
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
USHORT NumberOfStrings
Definition: iotypes.h:1960
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
unsigned long DWORD
Definition: ntddk_ex.h:95
#define STATUS_SEVERITY_SUCCESS
Definition: errmsg.h:59
CHAR Message[80]
Definition: alive.c:5
unsigned char UCHAR
Definition: xmlstorage.h:181
NTSTATUS NTAPI NtReplyWaitReceivePort(IN HANDLE PortHandle, OUT PVOID *PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage)
Definition: reply.c:743
static const WCHAR L[]
Definition: oid.c:1087
WCHAR * LogName
Definition: eventlog.h:38
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:896
#define STATUS_SEVERITY_ERROR
Definition: errmsg.h:61
LARGE_INTEGER TimeStamp
Definition: iotypes.h:1976
Status
Definition: gdiplustypes.h:24
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:240
ULONG_PTR SIZE_T
Definition: typedefs.h:78
static HANDLE MessagePortHandle
Definition: logport.c:22
PORT_MESSAGE Header
Definition: iolog.h:19
unsigned short USHORT
Definition: pedump.c:61
#define PORT_MAXIMUM_MESSAGE_LENGTH
Definition: iotypes.h:1985
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
IO_ERROR_LOG_MESSAGE IoErrorMessage
Definition: iolog.h:21
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
Definition: file.c:858
WCHAR SourceName[256]
Definition: arping.c:28
IO_ERROR_LOG_PACKET EntryData
Definition: iotypes.h:1978
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
Definition: exfuncs.h:165
PLOGFILE LogfListItemByName(LPCWSTR Name)
Definition: file.c:33
return STATUS_SUCCESS
Definition: btrfs.c:2710
static PLARGE_INTEGER Time
Definition: time.c:105

◆ RpcThreadRoutine()

DWORD WINAPI RpcThreadRoutine ( LPVOID  lpParameter)

Definition at line 26 of file rpc.c.

Referenced by LogfFreeRecord(), and ServiceInit().

27 {
29 
32 
33  Status = RpcServerUseProtseqEpW(L"ncacn_np", 20, L"\\pipe\\EventLog", NULL);
34  if (Status != RPC_S_OK)
35  {
36  DPRINT("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
37  goto Quit;
38  }
39 
40  Status = RpcServerRegisterIf(eventlog_v0_0_s_ifspec, NULL, NULL);
41  if (Status != RPC_S_OK)
42  {
43  DPRINT("RpcServerRegisterIf() failed (Status %lx)\n", Status);
44  goto Quit;
45  }
46 
48  if (Status != RPC_S_OK)
49  {
50  DPRINT("RpcServerListen() failed (Status %lx)\n", Status);
51  }
52 
55  {
57  ElfDeleteEventLogHandle(&LogHandle);
58  }
60 
61 Quit:
63 
64  return 0;
65 }
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
long RPC_STATUS
Definition: rpc.h:52
static LIST_ENTRY LogHandleListHead
Definition: rpc.c:18
RPC_STATUS WINAPI RpcServerListen(UINT MinimumCallThreads, UINT MaxCalls, UINT DontWait)
Definition: rpc_server.c:1527
#define RPC_C_LISTEN_MAX_CALLS_DEFAULT
Definition: rpcdce.h:122
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
Definition: synch.c:697
smooth NULL
Definition: ftsmooth.c:416
static NTSTATUS ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle)
Definition: rpc.c:264
static CRITICAL_SECTION LogHandleListCs
Definition: rpc.c:19
void DPRINT(...)
Definition: polytest.cpp:61
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)
RPC_STATUS WINAPI RpcServerRegisterIf(RPC_IF_HANDLE IfSpec, UUID *MgrTypeUuid, RPC_MGR_EPV *MgrEpv)
Definition: rpc_server.c:1123
static const WCHAR L[]
Definition: oid.c:1087
PVOID IELF_HANDLE
Definition: eventlogrpc.idl:22
Status
Definition: gdiplustypes.h:24
RPC_STATUS WINAPI RpcServerUseProtseqEpW(RPC_WSTR Protseq, UINT MaxCalls, RPC_WSTR Endpoint, LPVOID SecurityDescriptor)
Definition: rpc_server.c:934
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
_In_ UINT _Out_ PNDIS_HANDLE LogHandle
Definition: ndis.h:5363
#define RPC_S_OK
Definition: rpcnterr.h:22

Variable Documentation

◆ EventLogSource

PEVENTSOURCE EventLogSource

Definition at line 35 of file eventlog.c.

Referenced by CheckLogOrSourceExistence(), and LogfReportEvent().